oh-my-posh: Windows Defender says oh-my-posh contains virus and blocks it
Prerequisites
- I have read and understand the CONTRIBUTING guide
- I looked for duplicate issues before submitting this one
Description


Environment
- Oh my Posh version: 3.147.0
- Theme: customized theme (pasted at the bottom)
- Operating System: Windows 10
- Shell: Windows PowerShell
PS D:\xiaoh\Documents\WindowsPowerShell> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      5.1.19041.906
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.906
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
- Terminal: Windows PowerShell (Standard Windows Console)
Steps to Reproduce
- Windows Defender got updated automatically.
- Boot powershell
Expected behavior: oh-my-posh gets imported successfully
Actual behavior:

Customized Theme
{
"final_space": true,
"osc99": false,
"console_title": false,
"console_title_style": "",
"console_title_template": "",
"blocks": [
{
"type": "prompt",
"alignment": "left",
"horizontal_offset": 0,
"vertical_offset": 0,
"segments": [
{
"type": "root",
"style": "plain",
"powerline_symbol": "",
"invert_powerline": false,
"foreground": "#FFEE58",
"foreground_templates": null,
"background": "",
"background_templates": null,
"leading_diamond": "",
"trailing_diamond": "",
"properties": {
"root_icon": ""
}
},
{
"type": "python",
"style": "diamond",
"invert_powerline": false,
"foreground": "#ffffff",
"foreground_templates": null,
"background": "#5fafd7",
"background_templates": null,
"leading_diamond": "",
"trailing_diamond": "<#5fafd7,#5858ff></>",
"properties": {
"prefix": " "
}
},
{
"type": "path",
"style": "diamond",
"powerline_symbol": "",
"invert_powerline": false,
"foreground": "#efefef",
"foreground_templates": null,
"background": "#5858ff",
"background_templates": null,
"leading_diamond": "",
"trailing_diamond": "<#5858ff,transparent></>",
"properties": {
"folder_separator_icon": " ",
"home_icon": "🏠",
"folder_icon": "…",
"style": "mixed"
}
},
{
"type": "exit",
"style": "powerline",
"powerline_symbol": "",
"invert_powerline": false,
"foreground": "#ffffff",
"foreground_templates": null,
"background": "#800000",
"background_templates": null,
"leading_diamond": "",
"trailing_diamond": "",
"properties": {
"prefix": " "
}
}
]
}
]
}
About this issue
- State: closed
- Created 3 years ago
- Comments: 31 (15 by maintainers)
Commits related to this issue
- refactor(pwsh): postfix invoke-expression relates to #708 — committed to JanDeDobbeleer/oh-my-posh by JanDeDobbeleer 3 years ago
@Jkudjo thanks for reminding me what year it is. One would indeed forget with everything which is going on in the world.
Perhaps sigstore can be helpful in this effort someday.
@tigerinus @silverqx the latest version swaps every occurrence of Invoke-Expression with the piped version. Curious to see if that would impact something.
It should be reported to McAfee; when something calls xyz | Invoke-Expression it does not mean that it is malicious. I’m pretty sure that there is nothing malicious.
I suppose for now with the adjusted init scripts and docs we can close this for the time being?
The pipe version should work the same as is described in docs.
Defender doesn’t detect it as positive anymore. @JanDeDobbeleer
I’ll leave this open to keep track of it myself.
@tigerinus @lnu no, they closed that without notice. I’ll see if I can reach out directly. The only way to bypass that today (doesn’t happen everywhere) is to exclude it from Defender.